Sonatype stops software supply chain attack aimed at the Java developer community

9 minute read time

Sonatype removed 3 malicious open-source Java components from Maven Central targeting popular software releases, stopping a software supply chain attack.

Two new RubyGems laced with cryptocurrency-stealing malware taken down

By Ax Sharma on December 16, 2020 vulnerabilities

5 minute read time

RubyGems removed 2 gems from its repository that contained cryptocurrency-stealing malicious code.

There's a RAT in my code: New npm malware with Bladabindi trojan spotted

By Ax Sharma on December 01, 2020 vulnerabilities

8 minute read time

Sonatype discovered two new malicious packages in the npm registry, jdb.js and db-json, carrying the Bladabindi remote access trojan.

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

By Ax Sharma on November 16, 2020 vulnerabilities

8 minute read time

Sonatype has discovered more malware in the npm registry, including the package xpc, part of the CursedGrabber campaign.

Discord.dll: successor to npm “fallguys” malware went undetected for 5 months

By Ax Sharma on November 09, 2020 vulnerabilities

6 minute read time

Sonatype has identified a series of counterfeit components in the npm ecosystem, including Discord.dll, a successor to the earlier “fallguys” malware.

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

By Ax Sharma on November 08, 2020 github

5 minute read time

Gitpaste-12 is a worming botnet that carries a dozen exploits used to attack Linux servers and leverages trusted sites like GitHub and Pastebin to host its components.

Discord squashes critical Electron bugs: Open source attacks continue to grow

By Ax Sharma on October 21, 2020 Nexus Lifecycle

6 minute read time

Discord recently patched a set of critical vulnerabilities in its Electron-based desktop app that could allow a skilled attacker to achieve remote code execution on users’ machines.

Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web

By Ax Sharma on September 30, 2020 vulnerabilities

8 minute read time

Initially flagged by Sonatype's malicious code detection bots, our researchers have discovered and confirmed two new malicious npm packages that exfiltrate the host's IP address, username, and device fingerprint to the web.

Inside the "Fallguys" malware that steals your browsing data and gaming IMs; continued attack on open source software

By Ax Sharma on September 02, 2020 vulnerabilities

5 minute read time

Over the weekend a malicious component called “fallguys” was discovered on npm impersonating an API for the popular video game Fall Guys: Ultimate Knockout; it steals browsing data and gaming instant messages.